Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for limiting packet routing in a computer network comprising a plurality of network devices, the method comprising: receiving a first packet at a first one of the network devices in the computer network; identifying that the first packet is to be forwarded to a second one of the network devices in the computer network; identifying that the first packet includes address information identifying that the second network device previously received a version of the first packet; determining that the first packet is part of a routing loop attack based on the identification that the second network device previously received the version of the first packet; and dropping the first packet that is determined to be part of the routing loop attack based on the identification that the second network device previously received the version of the first packet.
This invention describes a method for preventing routing loops in a computer network. A first network device receives a packet and identifies that it is intended for forwarding to a second network device. The system then identifies that the packet includes address information indicating that the second network device previously received a version of this very packet. Based on this prior receipt, the system determines that the packet is part of a routing loop attack. Consequently, the first network device drops the packet to prevent the detected routing loop from forming.
2. The method of claim 1, wherein the second network device previously inserted the address information identifying the second network device in a header of a packet related to the first packet.
This invention describes a method for preventing routing loops in a computer network. A first network device receives a packet and identifies that it is intended for forwarding to a second network device. The system identifies that the packet includes address information indicating that the second network device previously received a version of this packet. This is specifically because the second network device itself previously inserted this unique address information into a header of a packet related to the first packet. Based on this prior receipt and the inserted address information, the system determines the packet is part of a routing loop attack and drops it to prevent the loop.
3. The method of claim 1, further comprising: receiving a second packet; identifying that the second packet is to be forwarded through an automated tunnel; modifying the second packet when the second packet does not include information identifying an address associated with a previously forwarded packet related to the second packet; and sending the modified second packet to at least one other network device of the plurality of network devices.
This invention describes a method for preventing routing loops and managing packet tunneling in a computer network. A first network device receives a first packet, identifies it's for forwarding to a second device, and detects if its address information indicates the second device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. Additionally, the method involves receiving a second packet and identifying that it needs to be forwarded through an automated tunnel. If this second packet lacks specific address information that would identify an address associated with a previously forwarded related packet, the system modifies the second packet to include this information. The modified second packet is then sent to at least one other network device.
4. The method of 3, further comprising: receiving a third packet; modifying the third packet to include header information; identifying a size associated with the modified third packet; and dropping the third packet based on the modified third packet exceeding a maximum packet size.
This invention describes a method for preventing routing loops, managing packet tunneling, and enforcing packet size limits in a computer network. A first network device receives a first packet, identifies it's for forwarding to a second device, and detects if its address information indicates the second device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. The method also handles a second packet: if it's for an automated tunnel and lacks specific address information to track its journey, it's modified to include it, then sent. Furthermore, the system receives a third packet, which it modifies to include additional header information. After this modification, the system identifies the total size of the third packet and drops it if the modified third packet now exceeds a predefined maximum packet size.
5. The method of claim 4, further comprising sending a message to a sender of the third packet identifying that a maximum length of the modified third packet exceeds the maximum packet size.
This invention describes a method for preventing routing loops, managing packet tunneling, and enforcing packet size limits in a computer network. A first network device receives a first packet, identifies it's for forwarding to a second device, and detects if its address information indicates the second device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. The method also handles a second packet: if it's for an automated tunnel and lacks specific address information to track its journey, it's modified to include it, then sent. Furthermore, the system receives a third packet, modifies it to include additional header information, and then checks its size. If the modified third packet exceeds a predefined maximum packet size, it is dropped. In addition to dropping, the system sends a message back to the original sender of the third packet, explicitly notifying them that the packet's modified length exceeded the maximum allowed size.
6. The method of claim 5, wherein the sender of the third packet sends a shortened version of at least one of the third packet or the modified third packet.
This invention describes a method for preventing routing loops, managing packet tunneling, and enforcing packet size limits in a computer network. A first network device receives a first packet, identifies it's for forwarding to a second device, and detects if its address information indicates the second device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. The method also handles a second packet: if it's for an automated tunnel and lacks specific address information to track its journey, it's modified to include it, then sent. Furthermore, the system receives a third packet, modifies it to include additional header information, and then checks its size. If the modified third packet exceeds a predefined maximum packet size, it is dropped, and a message is sent to the sender identifying the size exceedance. As a response to this message, the sender of the third packet sends a shortened version of at least one of the third packet or its modified form.
7. The method of claim 1, further comprising: receiving a second packet at the first network device; identifying that the second packet is to be sent to an address associated with another network device of the plurality of network devices; identifying that address information included in a header of the second packet matches the address associated with the other network device; and dropping the second packet based on the identification of the matching address.
This invention describes a method for limiting packet routing and preventing loops in a computer network. A first network device receives a first packet, identifies it's for forwarding to a second network device, and detects if the packet's address information indicates the second device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. In an additional mechanism, the same first network device receives a second packet. It identifies that this second packet is intended for an address associated with another network device. Crucially, the system then identifies that address information contained within the header of this second packet directly matches the intended destination address for that other network device. This direct match indicates an imminent loop, and as a result, the second packet is also dropped.
8. A non-transitory computer-readable storage medium, having embodied thereon a program executable to perform a method for limiting packet routing in a computer network comprising a plurality of network devices, the method comprising: receiving a first packet at a first one of the network devices in the computer network; identifying that the first packet is to be forwarded to a second one of the network devices in the computer network; identifying that the first packet includes address information identifying that the second network device previously received a version of the first packet; determining that the first packet is part of a routing loop attack based on the identification that the second network device previously received the version of the first packet; and dropping the first packet that is determined to be part of the routing loop attack based on the identification that the second network device previously received the version of the first packet.
This invention provides a non-transitory computer-readable storage medium containing executable instructions for a program designed to limit packet routing in a computer network. When executed by a processor on a first network device, these instructions enable the device to receive a first packet and identify that it is intended for forwarding to a second network device. The program then identifies that the first packet includes address information indicating the second network device has already processed a previous version of this packet. Based on this identification, the program determines that the first packet is part of a routing loop attack. Consequently, the instructions cause the first network device to drop the first packet, thereby preventing the detected routing loop from forming.
9. The non-transitory computer-readable storage medium of claim 8, wherein the second network device previously inserted the address information identifying the second network device in a header of a packet related to the first packet.
This invention provides a non-transitory computer-readable storage medium containing executable instructions for a program designed to limit packet routing in a computer network. When executed by a processor on a first network device, these instructions enable the device to receive a first packet and identify that it is intended for forwarding to a second network device. The program identifies that the first packet includes address information indicating the second network device previously received a version of this packet. This is specifically because the second network device itself previously inserted this unique address information into a header of a packet related to the first packet. Based on this prior receipt and the inserted address information, the program determines the first packet is part of a routing loop attack and causes it to be dropped.
10. The non-transitory computer-readable storage medium of claim 8, further comprising instructions executable to: receive a second packet; identify that the second packet is to be forwarded through an automated tunnel; modify the second packet when the second packet does not include information identifying an address associated with a previously forwarded packet related to the second packet; and send the modified second packet to at least one other network device of the plurality of network devices.
This invention provides a non-transitory computer-readable storage medium containing executable instructions for a program designed to limit packet routing and manage packet tunneling in a computer network. When executed on a first network device, the instructions enable it to receive a first packet, identify it's for forwarding to a second device, and detect if its address information indicates the second device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. Additionally, the storage medium includes instructions to receive a second packet and identify that it needs to be forwarded through an automated tunnel. If this second packet lacks specific address information that would identify an address associated with a previously forwarded related packet, the instructions cause the system to modify the second packet to include this information. The modified second packet is then sent to at least one other network device.
11. The non-transitory computer-readable storage medium of 10, further comprising instructions executable to: receive a third packet; modify the third packet to include header information; identify a size associated with the modified third packet; and drop the third packet based on the modified third packet exceeding a maximum packet size.
This invention provides a non-transitory computer-readable storage medium containing executable instructions for a program designed to limit packet routing, manage packet tunneling, and enforce packet size limits in a computer network. When executed, the instructions enable a first network device to receive a first packet, identify it's for forwarding to a second device, and detect if its address information indicates the second device previously received a version of it, signifying a routing loop attack, dropping it if detected. Additionally, the instructions handle a second packet: if it's for an automated tunnel and lacks specific address information to track its journey, it's modified to include it, then sent. Furthermore, the storage medium includes instructions to receive a third packet, modify it to include additional header information, and then check its size. If the modified third packet exceeds a predefined maximum packet size, the instructions cause it to be dropped.
12. The non-transitory computer-readable storage medium of claim 11, further comprising instructions executable to send a message to a sender of the third packet identifying that a maximum length of the modified third packet exceeds the maximum packet size.
This invention provides a non-transitory computer-readable storage medium containing executable instructions for a program designed to limit packet routing, manage packet tunneling, and enforce packet size limits in a computer network. When executed, the instructions enable a first network device to receive a first packet, identify it's for forwarding to a second device, and detect if its address information indicates the second device previously received a version of it, signifying a routing loop attack, dropping it if detected. Additionally, the instructions handle a second packet: if it's for an automated tunnel and lacks specific address information to track its journey, it's modified to include it, then sent. Furthermore, the storage medium includes instructions to receive a third packet, modify it to include additional header information, and then check its size. If the modified third packet exceeds a predefined maximum packet size, it is dropped. In addition to dropping, the instructions cause the system to send a message back to the original sender of the third packet, explicitly notifying them that the packet's modified length exceeded the maximum allowed size.
13. The non-transitory computer-readable storage medium of claim 12, wherein the sender of the third packet sends a shortened version of at least one of the third packet or the modified third packet.
This invention provides a non-transitory computer-readable storage medium containing executable instructions for a program designed to limit packet routing, manage packet tunneling, and enforce packet size limits in a computer network. When executed, the instructions enable a first network device to receive a first packet, identify it's for forwarding to a second device, and detect if its address information indicates the second device previously received a version of it, signifying a routing loop attack, dropping it if detected. Additionally, the instructions handle a second packet: if it's for an automated tunnel and lacks specific address information to track its journey, it's modified to include it, then sent. Furthermore, the storage medium includes instructions to receive a third packet, modify it to include additional header information, and then check its size. If the modified third packet exceeds a predefined maximum packet size, it is dropped, and a message is sent to the sender identifying the size exceedance. As a response to this message, the sender of the third packet sends a shortened version of at least one of the third packet or its modified form.
14. The non-transitory computer-readable storage medium of claim 8, further comprising instructions executable to: receive a second packet at the first network device; identify that the second packet is to be sent to an address associated with another network device of the plurality of network devices; identify that address information included in a header of the second packet matches the address associated with the other network device; and drop the second packet based on the identification of the matching address.
This invention provides a non-transitory computer-readable storage medium containing executable instructions for a program designed to limit packet routing and prevent loops in a computer network. When executed on a first network device, the instructions enable it to receive a first packet, identify it's for forwarding to a second network device, and detect if its address information indicates the second device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. In an additional mechanism, the storage medium includes instructions to receive a second packet at the same first network device. The program then identifies that this second packet is intended for an address associated with another network device. Crucially, the instructions cause the system to identify that address information contained within the header of this second packet directly matches the intended destination address for that other network device. This direct match indicates an imminent loop, and as a result, the second packet is also dropped.
15. An apparatus for limiting packet routing in a computer network comprising a plurality of network devices, the apparatus comprising: a network interface that receives a first packet at a first one of the network devices in the computer network; a memory; and a processor that executes instructions stored in memory, wherein execution of the instructions: identifies that the first packet is to be forwarded to a second one of the network devices in the computer network, identifies that the first packet includes address information identifying that the second network device previously received a version of the first packet, determines that the first packet is part of a routing loop attack based on the identification that the second network device previously received the version of the first packet, and drops the first packet that is determined to be part of the routing loop attack based on the identification that the second network device previously received the version of the first packet.
This invention describes an apparatus, such as a network device, designed to limit packet routing and prevent loops in a computer network. The apparatus includes a network interface for receiving packets, memory, and a processor. The processor executes instructions stored in memory which enable the apparatus to receive a first packet. These instructions identify that the first packet is intended to be forwarded to a second network device. Critically, the instructions then identify that the first packet contains specific address information indicating that the second network device has previously received a version of this same packet. Based on this identification, the processor determines that the first packet is part of a routing loop attack. Consequently, the apparatus drops the first packet, effectively preventing the detected routing loop from forming.
16. The apparatus of claim 15, wherein the second network device previously inserted the address information identifying the second network device in a header of a packet related to the first packet.
This invention describes an apparatus, such as a network device, designed to limit packet routing and prevent loops in a computer network. The apparatus includes a network interface for receiving packets, memory, and a processor. The processor executes instructions which enable the apparatus to receive a first packet and identify that it is intended for forwarding to a second network device. The instructions identify that the first packet includes address information indicating the second network device previously received a version of this packet. This is specifically because the second network device itself previously inserted this unique address information into a header of a packet related to the first packet. Based on this prior receipt and the inserted address information, the processor determines the first packet is part of a routing loop attack and causes it to be dropped.
17. The apparatus of claim 15, wherein the network interface further receives a second packet and the processor executes further instructions to: identify that the second packet is to be forwarded through an automated tunnel; and modify the second packet when the second packet does not include information identifying an address associated with a previously forwarded packet related to the second packet, wherein the network interface sends the modified second packet to at least one other network device of the plurality of network devices.
This invention describes an apparatus, such as a network device, designed to limit packet routing, prevent loops, and manage packet tunneling in a computer network. The apparatus includes a network interface, memory, and a processor. The processor executes instructions to receive a first packet, identify it's for forwarding to a second device, and detect if its address information indicates the target device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. Additionally, the network interface receives a second packet. The processor executes further instructions to identify that this second packet needs to be forwarded through an automated tunnel. If this second packet lacks specific address information that would identify an address associated with a previously forwarded related packet, the processor modifies the second packet to include this information. The network interface then sends the modified second packet to at least one other network device.
18. The apparatus of 17, wherein the network interface further receives a third packet, and wherein and the processor executes further instructions to: modify the third packet to include header information; identify a size associated with the modified third packet; and drop the third packet based on the modified third packet exceeding a maximum packet size.
This invention describes an apparatus, such as a network device, designed to limit packet routing, manage packet tunneling, and enforce packet size limits in a computer network. The apparatus includes a network interface, memory, and a processor. The processor executes instructions to receive a first packet, identify it's for forwarding to a second device, and detect if its address information indicates the second device previously received a version of it, signifying a routing loop attack, dropping it if detected. Additionally, the network interface receives a second packet; if it's for an automated tunnel and lacks specific address information to track its journey, the processor modifies it to include it, and the network interface sends it. Furthermore, the network interface receives a third packet, which the processor modifies to include additional header information. After this modification, the processor identifies the total size of the third packet. If the modified third packet now exceeds a predefined maximum packet size, the processor causes it to be dropped.
19. The apparatus of claim 15, wherein the network interface further receives a second packet and the processor executes further instructions to: identify that the second packet should be sent to an address associated with another network device of the plurality of network devices; identify that address information included in a header of the second packet matches the address associated with the another network device; and drop the second packet based on the identification of the matching address.
This invention describes an apparatus, such as a network device, designed to limit packet routing and prevent loops in a computer network. The apparatus includes a network interface, memory, and a processor. The processor executes instructions to receive a first packet, identify it's for forwarding to a second network device, and detect if its address information indicates the second device previously received a version of it, signifying a routing loop attack. If a loop is detected, the first packet is dropped. In an additional mechanism, the network interface receives a second packet. The processor executes further instructions to identify that this second packet is intended for an address associated with another network device. Crucially, the processor then identifies that address information contained within the header of this second packet directly matches the intended destination address for that other network device. This direct match indicates an imminent loop, and as a result, the second packet is also dropped.
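The forwarding checks in claims 1, 3, 4, 5 and 7 can be seen working together in a small simulation. This is an added example, not code from the patent or its assignee: the `markers` header field, the size constants, the `forward`/`run` helpers and the `2001:db8::` documentation addresses are all assumptions made for illustration, and the claim 7 check is one reading of that claim.

```python
"""Toy model of the forwarding checks in claims 1, 3, 4, 5 and 7 (added example)."""
from dataclasses import dataclass, field

MAX_PACKET_SIZE = 1280   # assumed limit in bytes; the claims give no number
BASE_HEADER = 40         # assumed fixed header size
MARKER_SIZE = 16         # assumed size of one inserted address


@dataclass
class Packet:
    src: str
    dst: str
    payload_len: int
    # Hypothetical header field carrying the "address information" of the claims.
    markers: list = field(default_factory=list)

    def size(self) -> int:
        return BASE_HEADER + self.payload_len + MARKER_SIZE * len(self.markers)


def forward(self_addr: str, next_hop: str, pkt: Packet, via_tunnel: bool):
    """Decide what device `self_addr` does with `pkt`; returns (action, detail)."""
    # Claim 1: the device we are about to forward to is already named in the
    # packet's address information, so it has received a version of this packet.
    if next_hop in pkt.markers:
        return ("drop_loop", next_hop)
    # Claim 7 (one reading): the address the packet is to be sent to matches
    # address information already carried in its header.
    if pkt.dst in pkt.markers:
        return ("drop_loop", pkt.dst)
    # Claim 3: packet enters an automated tunnel with no address information,
    # so this device inserts its own address before sending.
    if via_tunnel and not pkt.markers:
        pkt.markers.append(self_addr)
        # Claims 4 and 5: the insertion grew the packet; enforce the limit and
        # notify the sender, who can then send a shorter packet (claim 6).
        if pkt.size() > MAX_PACKET_SIZE:
            notice = {"to": pkt.src, "max_size": MAX_PACKET_SIZE, "size": pkt.size()}
            return ("drop_too_big", notice)
    return ("send", next_hop)


def run(routes: dict, start: str, pkt: Packet, max_hops: int = 16):
    """Walk `pkt` across tunnel devices; `routes` maps device -> next hop."""
    trace, here = [], start
    for _ in range(max_hops):
        nxt = routes.get(here)
        if nxt is None:                      # no further hop: packet is delivered
            trace.append((here, "deliver", None))
            return trace
        action, detail = forward(here, nxt, pkt, via_tunnel=True)
        trace.append((here, action, detail))
        if action != "send":
            return trace
        here = nxt
    trace.append((here, "hop_limit", None))  # only reached if no check fired
    return trace


# Constructed sample topology: two tunnel devices whose routes for the
# packet's destination point at each other.
A, B = "2001:db8::a", "2001:db8::b"
LOOP_ROUTES = {A: B, B: A}

if __name__ == "__main__":
    looping = Packet(src="2001:db8::1", dst="2001:db8:ffff::1", payload_len=100)
    for hop in run(LOOP_ROUTES, A, looping):
        print(hop)   # A stamps and sends; B sees A's marker and drops
    oversized = Packet(src="2001:db8::1", dst="2001:db8:ffff::1", payload_len=1230)
    print(forward(A, B, oversized, via_tunnel=True))
```

In the looping case the packet crosses the tunnel once: device A inserts its address, and device B drops the packet when its next hop turns out to be A, instead of the packet bouncing until a hop limit expires.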
Unknown
July 21, 2020